Most Enterprises Plan To Be On IPv6 By 2013

Julie188 writes "More than 70% of IT departments plan to upgrade their websites to support IPv6 within the next 24 months, according to a recent survey of more than 200 IT professionals conducted by Network World. Plus, 65% say they will have IPv6 running on their internal networks by then, too. One survey respondent, John Mann, a network architect at Monash University in Melbourne, Australia, said his organization has been making steady IPv6 progress since 2008. 'Mostly IPv6 has just worked,' he said. 'The biggest problem is maintaining forward progress with IPv6 while it is still possible to take the easy option and fall back to IPv4.'"

Wrong survey audience

[ravenspear]

If it were up to the IT professionals, more businesses would already be on it.

They should have surveyed CFOs to see what percentage of businesses will budget anything for an IPv6 transition in the next 24 months.

I'm an IT professional, but I'm not currently authorized to work on a transition of our network because I have a long list of things that was deemed more important by management.

Re:

[snookerhog]

indeed

Re:Wrong survey audience

[Kenja]

100% of CFOs said "What? Who are you? How did you get into my office?"

Re:Wrong survey audience

[gman003]

Sure, IT pros are probably more likely to want IPv6. But most of the survey questions were action ones - what have you done about IPv6? When a quarter say they've already started rolling out internal IPv6, and 13% more say they're done, that says a lot. The numbers are similar for web servers with public IPv6 - 20% have started, 13% are already done. It would appear that this is a technical problem that can be explained to the bosses easily: "I'm sorry, but the Internet is full. We need to upgrade to the new Internet if we want to add more stuff. We'll still work with the old Internet, so we won't lose customers, and we're only going to need to replace ___, ___ and maybe ___."

Re:

[game kid]

It would appear that this is a technical problem that can be explained to the bosses easily: "I'm sorry, but the Internet is full. We need to upgrade to the new Internet if we want to add more stuff. We'll still work with the old Internet, so we won't lose customers, and we're only going to need to replace ___, ___ and maybe ___."

Boss: "The Internet is full!? Didn't we just buy a whole pack of 2Thz hard drives???"

IT guy: "No, we just need to upgrade to IPv6 or we'll lose connections and Google hits. --and

Re:

[luizd]

Individual coherence makes collective incoherence.

It is logical to not migrate as it costs and nobody uses it yet (but me). It does not add a think to your service, except if your end-user is a technical one (that for some reason, want IPv6). However, the logical "not migrate" movement creates a great incoherence when it introduces extra costs in order to overcome the lack of IPv4 when bad times comes. At that time, CFO will start to worry when the cost of IPv4 get skyrocketed.

So, if you migrate now

Re:

[jm493]

From now on, make sure every new bit of hardware/software you buy has IPv4 IPv6 feature parity. Won't cost you much if any extra. In 1 year, 25% of your gear will be IPv6-capable. In 2 years 50% etc. If you don't do that, in 2 years when you suddenly do need IPv6, there will be HUGE costs doing forklift replacement and re-testing of IPv4-only stuff you bought recently.
The other thing is that IPv6 deployment takes time. You don't get to see the 2nd problem until you have found and fixed the first prob

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[gmack]

A lot of the manufacturers are sitting on IPv6 enabled firmware until the ISPs get farther along. I know Telefonica (Spain) is planning to remote reflash all of their customer side DSL modems with IPv6 capable firmware during their IPv6 rollout planned for later this year.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Bert64]

1, Any web based applications support it by default if the webserver does (which all common ones do), you can still do dual stack internally for legacy cruft... i certainly wouldnt deploy anything new that didnt support ipv6, how much legacy cruft do you have which requires ipx/spx or appletalk?

2, Routing hardware has been supporting ipv6 for a LONG time... Cisco introduced support for it in 2001 - 10 years ago, i would hardly call the current hardware "1st generation". Windows also gained production suppor

Re:

[sosume]

They should just have added an extra octet to IPv4. IPv6 is overly complicated, who wants to remember the internal IPv6 address range? sure, let's ping ::::::3e:1f:00:7a - oh wait, I have one colon too many.

Re:

[YttriumOxide]

They should just have added an extra octet to IPv4. IPv6 is overly complicated, who wants to remember the internal IPv6 address range? sure, let's ping ::::::3e:1f:00:7a - oh wait, I have one colon too many.

Sadly, this does bring up a very valid point. A lot of 'peripheral' network equipment tends to get addressed by address directly (more out of habit and laziness on the IT admin part than anything, but one shouldn't underestimate that!). I work as a software developer in the MFP (think: networked office printer/scanner/fax/copier devices) industry. By customer request, all the software I create tends to show your list of devices by IP address first. Of course, both my software and the devices it works wi

Re:

[bbn]

There is nothing wrong with assigning your printer an address such as fd00::5. That is not too hard to remember is it?

Re:

[bbn]

If he wants to access it from Starbucks, then that one won't do.

Sure it will, he just needs a VPN.

Who wants to offer the whole world free access to a printer?

Re:

[petermgreen]

They're too hard to remember as the parent points out.

Really that all depends on how the particular address is assigned. Stateless autoconfiguration tends to lead to horrible addresses but you don't have to use it.

Note that if your address has a large block of consecutive zeros you can replace them with a block of colons.

IMO the two biggest problems with IPV6 are

1: the transistion mechanisms were tacked on after the fact rather than being a core part of the spec.
2: the only transition mechanism that works behind NAT does so by fighting the NAT rather than work

Re:

[VolciMaster]

They should just have added an extra octet to IPv4. IPv6 is overly complicated, who wants to remember the internal IPv6 address range? sure, let's ping ::::::3e:1f:00:7a - oh wait, I have one colon too many.

Sadly, this does bring up a very valid point. A lot of 'peripheral' network equipment tends to get addressed by address directly (more out of habit and laziness on the IT admin part than anything, but one shouldn't underestimate that!). I work as a software developer in the MFP (think: networked office printer/scanner/fax/copier devices) industry. By customer request, all the software I create tends to show your list of devices by IP address first. Of course, both my software and the devices it works with fully support both DNS and IPv6, so typing a hostname or IPv6 address will work, but if the customers don't set the devices up to USE these functions, we can't exactly force them.

Of course, the 'local network' world can probably stick to IPv4 for a fair bit longer (or theoretically indefinitely) while the connections out then make use of IPv6; however as more people hear buzzwords like 'cloud', more and more previously 'internal' things are going to start having connections to the outside and there's a big potential for mess.

Now, why don't people just happily type in IPv6 addresses? They're too hard to remember as the parent points out. Well, why don't they use DNS? Because doing so requires a DNS server (fine in bigger offices, but a bit overkill for a 10 person shop with only a couple of devices)

Adding octets to the IPv4 format as the parent suggests would've been a much 'easier' transition for most people. Sure there's a lot that would need to have been considered, but it's probably not dissimilar to the amount required for consideration with the current IPv6 way of doing things.

And yes, I'm aware one could theoretically write a complete IPv6 address with dotted quad style notation, but if no-one else does and the majority of software didn't support it, then doing so would be a bit dumb.

And lots of software (for originally-valid reasons) wants IP addresses, and only aliases them internally to different host names. DNS cannot be relied-on. /etc/hosts *may* not be reliable. But if you have an IP address and can't hit it, you *KNOW* you have a networking/routing issue.

Re:

[growse]

You appear to fail to understand networking, IPv6, IPv4, routing and the scale of the problem that IPv6 is solving.

Re:

[bbn]

They should just have added an extra octet to IPv4. IPv6 is overly complicated, who wants to remember the internal IPv6 address range? sure, let's ping ::::::3e:1f:00:7a - oh wait, I have one colon too many.

No you have several colons too many. Let me remove some of them for you and that address can in fact be pinged:

baldur@pkunk:~$ ping6 -c1 ::3e:1f:00:7a
PING ::3e:1f:00:7a(::3e:1f:0:7a) 56 data bytes

--- ::3e:1f:00:7a ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Maybe go learn a bit about the subject before complaining?

Re:

[tlhIngan]

2, Routing hardware has been supporting ipv6 for a LONG time... Cisco introduced support for it in 2001 - 10 years ago, i would hardly call the current hardware "1st generation". Windows also gained production support in 2001 (XP), and other systems had it around the same time or earlier.

I was mucking around with L3 switches because I needed to test IPv6 routing with some software I wrote (part of the network stack - I needed to make sure traceroutev6 and pingv6 worked). The first switch I got said it had s

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[iserlohn]

As a CCIE, I can assure you that IPv6 is well supported on all network products, many security products, and all server platforms for 5-10 years now. The problem is the people making decisions in the enterprise. There is no hope if you look that way, cause the people that end up in those positions usually in the past have shoulders that look like Mount Everest - the risk aversion is unbelievable, even when they have to live with mediocre and often breaking solutions, they still find it easier just to patch

Re:

[iserlohn]

It rubbed you the wrong way because you have a chip on your shoulder.

I was responding to the GP who said he was "IT professional to and a consultant for an MSP".. hehe..

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[iserlohn]

Guess what, I don't work for a Cisco Partner, and doing the CCIE is for professional development as a network architect. The networks I work with are multi-vendor, including products from Juniper, Fortigate, Avaya, Siemens, Checkpoint, HP, F5, and many others including open source products. The skills that you learn from the CCIE are invaluable. The lab exam conditions you to understand all of the technologies in the blueprint (and all the corner cases and issues with interaction), rather than just knowing

Re:

[ckaminski]

Are you serious? Cisco and others have supported ipv6 in their routers for YEARS - since Cisco iOS 10.0 at the least.

Who did they ask?

[bobstreo]

2013? Seriously?

Who would be going to these sites?

I'm guessing about .1% of ISP's will be able to support native V6 by then...

Or maybe when they were asked respondents thought they were answering something about a new version
of Intellectual Property.

Re:

[saleenS281]

I'm guessing about 99% of ISP's will be able to support it considering the government requires it. There aren't too many successful ISP's in the US of any size that don't do significant business with the government.

Re:

[jroysdon]

Doesn't mean they upgrade/replace all their routers right now. They just upgrade their backbone and put in new routers for IPv6 support and move .gov customers over. Existing customers just stay on the old crud until they complain, and then use the same method - new routers for IPv6 customers. That's VZN & AT&T's present MO.

Re:

[arkenian]

Gotta move the content first. The government should offer porn sites a gratis transition/upgrade if they'll go IPV6 only ;)

Re:

[davester666]

Just get most of the 'free' porn downloading sites to go IPv6-only and see how fast the internet jumps to IPv6...

Re:

[greenreaper]

I know of a furry porn site that did this once for April Fools day [wikifur.com]. Good times.

Netwokrk World was the one asking

[PhreakOfTime]

Since it was Network World, of the IT/Mac/PC World fame(infamy), I consider these results to be about as accurate as a 2yr old calculating the speed of light.

Re:

[mjwx]

2013? Seriously?

Who would be going to these sites?

I'm guessing about .1% of ISP's will be able to support native V6 by then...

1% of US telco's perhaps. 3 out of the 4 of Australia's biggest Telco's are running or rolling out IPv6 in a dual stack configuration (IPv4 and IPv6 run concurrently).

Willing to bet that Europe is the same and Asia is way ahead of us.

Re:

[Just Some Guy]

I'm guessing about .1% of ISP's will be able to support native V6 by then...

We're use a little-known ISP named "Qwest". I asked about native IPv6 last week on a conference call, and the engineer replied, "oh, sure! When do you want to turn it up?" He needs to verify that all the equipment along our routes was ready to go before we make an appointment to go live, but they're actively rolling out IPv6 capability to their customers who want it.

A statistical knee-slapper

[geekmux]

"...Plus, 65% say they will have IPv6 running on their internal networks by then, too."

OK, you almost had me at upgrading corporate web servers (comprising of usually only a handful of machines serving that purpose), but do you honestly expect me to believe that 65% of corporate IT budgets are suddenly and magically going to prioritize an IPv6 transition, as they sit comfortably behind their NAT-enabled firewalled environment, the same environment that will continue to work with zero change?

Talk about going from zero to bullshit in 4.2 seconds. If corporations haven't been listening about the impending "doom" around IPv4 for the last decade, they sure as hell aren't going to start that suddenly now.

and what does IPV6 do for inside network any way?

[Joe_Dragon]

and what does IPV6 do for inside network any way let any on the web have a open IP to any printer / pc on the network? VS some kind of NAT like setup?

Most inside networks are under some kind of port blocking / firewall system. Also what about all the old printers / hardware / apps / os's that can't do IP V6?

Re:

[DarwinSurvivor]

Old hardware aside, nothing is stopping you from using private IPv6 addresses inside your network as a pseudo-nat.

Re:

[jroysdon]

Many propose doing both. If you don't obtain PI IPv6 space from your RIR, I would highly suggest this. All internal-to-internal traffic should use your private IPv6 addresses, and the public IPv6 addresses are used just for accessing outside your networks. The advantage to this is that only your public facing services and routers have to be renumbered when you change ISPs. All your internal networking stays the same.

Re:

[petermgreen]

Unlike IPv4, IPv6 allows multiple addresses per interface,

True, the problem is how are clients supposed to 1: find those addresses and 2: choose which one to use.

Initially a special system of DNS records (A6) was created to try and solve this by allowing DNS servers to combine seperate prefix and suffix information but it was horriblly complex and still didn't solve the problem of how a client should figure out which address is better so it got demoted to experimental status.

ARIN at least gave up on A6 and started just allocating provider independent space to any

Re:

[petermgreen]

I'm not getting why it's so difficult - would seem to me to read the prefix information of the router, and then see if it matches the prefix information of any of the assigned addresses. If it does, use that one.

Which would work fine if the internet was a tree but the internet is not a tree and never has been. A client on ISP A has no way of knowing whether ISB B or ISP C has a better path from their ISP.

Do you then have the option of using your own PI addresses, instead of the ISP's? How does the ISP get to use yours (which they'd have to in order to bring their service to you)? And what happens if you change ISPs - does your ISP automatically let go of it/lose it so that you can hand it to the next ISP in order to ensure that your network is online?

The same way as with V4, you advertise them to your ISPs who then advertise them to their ISPs and peers and so on. If you drop an ISP then you stop advertising it to them which causes them to stop advertising it on the internet.

They were trying to avoid giving anyone but ISPs provider independent space with the id

Re:

[petermgreen]

I know that Site local had been deprecated and replaced by Unique local. I wonder why they even bothered trying to guarantee the uniqueness of all such addresses worldwide since these addresseses are not supposed to be routable

Site local addresses are supposed to be routable within a site. Unique local addresses are supposed to be routable within a site and between a group of cooperating sites.

The problem with site local addresses is how do you define site. If you define it as a physical site then site local addresses are of limited utility since resources and their users often move between sites. If you define it as a whole company then you avoid that problem but create a new one, namely that companies merge. Many people here ta

Re:

[slimjim8094]

Why do you assume that you wouldn't have a firewall for your internal network, even if it's publicly-routable? People have a bad habit of conflating NAT and security...

Every host on the Internet is "supposed" to be able to directly address every other host, but for firewalls of course. A flat address space simplifies things tremendously.

Imagine if your network printer worked from Starbucks, because it was just one fixed address on the Internet. Or you could bookmark your TiVo's web interface without any por

Re:

[mikkelm]

People don't have a bad habit of conflating NAT and security. NAT provides a basic, stateful firewall, and that most certainly /is/ security, incidental or not. IPv6 likely won't bring us all back to the happy days of full end-to-end connectivity, but rather popularise the stateful firewall sans the NAT in CPEs.

Re:and what does IPV6 do for inside network any wa

[smash]

If you're a business, it allows you to MERGE NETWORKS or talk between two discrete LANs in a far more convenient manner. If you've ever had to support the situation where say, you want to talk between a corp network running on 10.0.0.0/8 and another corp also using 10.0.0.0/8, you'll understand the brain damage that IPV4 NAT brings to the table.

Ditto for home users trying to VPN into your network when they're using 10/8 or another one of the private networks on their LAN that you happen to have employed inside your LAN as well.

IPV4 is broken and needs to die.

Re:

[tlhIngan]

NATv6 exists. As does NAT-PT (which actually does translation so IPv4-only can access IPv6-only and vice-versa).

I don't see why we can't have NATv6 routers now - I like the fact that my internal network numbering doesn't change whenever my ISP decides to give me a new prefix. So I don't get end-to-end connectivity. I don't care - even if I did, I'd stick a firewall in front and it'll break end-to-end connectivity anyways.

Re:

[NJRoadfan]

NAT-PT was officially deprecated the last I looked (see: http://www.ietf.org/rfc/rfc4966.txt [ietf.org] ), but I would be interested in a list of products that support it as I have a few IPv4 clients that will NEVER see a native IPv6 stack written for them.

Re:

[gmack]

There is SNAT and at least one firewall app that lets you load balance multiple ipv6 links by keeping the lan on it's private address space and translating for outgoing traffic.

will they recode / buy new apps just do IPV6

[Joe_Dragon]

how many management tools / VPN don't do IPV6?

Re:

[Midnight Thunder]

It probably won't matter. IPv4 is likely to coexist for a long while yetespecially on intranets. IPv6 gives access to places that are too new to have been able to get an IPv4 public address.

When will the Directv boxes go IPV6?

[Joe_Dragon]

They have lot's networking stuff but no place to set IPV6 addresses.

external or internal website?

[MadMaverick9]

if this is about internal websites, then it's a good effort, but who really cares.

if this is about external websites, then again it's a good effort, but ...

where's the upgrade plan/strategy for the people who will want to access these ipv6 websites?

my isp has no plan/strategy how to upgrade to ipv6 afaik. and I am afraid to ask.

Re:

[smash]

Look up NAT64

No the biggest problem is IPv4 devices

[Sycraft-fu]

There are a lot of devices out there that cannot handle IPv6. Not only is it not feasible to just tell everyone "Oh go replace it," not all of them are cheap things that get replaced often. Some are things that are around many a year.

What we need is a good 4 to 6 NAT standard, and to try to get ISPs on board with that. You have the modem/bridge/router work all IPv6, but run an IPv4 DHCP server. Have it hand out addresses that aren't used, maybe in the experimental range since it won't even step on old IPv4 NAT with that, and reserve another section internally for its use. It then internally handles all the translation. An IPv4 device requests a site that request goes to the DNS server in the router, which goes out and gets the AAAA record. It then maps the IPv6 IP to one of its internal IPv4 IPs for the IPv4 devices. The IPv4 device has no idea what is going on, traffic works just as it always has.

Until we get something like that going, there is going to be a large scale adoption problem. Nobody wants to go IPv6 only because doing so cuts off IPv4 sites. Nobody with IPv4 needs to go IPV6 since everything supports v4.

A 4 to 6 NAT system would be a real boon for ISPs since it would alleviate address space concerns. Hell customers could have static IPv6 addresses no problem. Would be worth their while to do, as address space becomes more scarce, and nobody would mind because everything would just keep working.

Re:

[jroysdon]

Uhm, you've missed the "Enterprise" topic here. SOHO has it's own problems, sure. However, most major vendors have had router and firewall support for some time.

Re:No the biggest problem is IPv4 devices

[kimvette]

What good is an enterprise system if SOHO customers can't reach their IPV6-hosted web sites?

Re:

[jroysdon]

Not everyone cares about SOHO users. No one is saying anyone should put up IPv6-only websites either. My point was that this article was about Enterprise plans for IPv6. Not ISPs, not SOHO users, not hosting.

Enabling IPv6 now is going to allow other enterprises who enable IPv6 to connect to my enterprise employer natively, instead of going through NAT devices (be it 4to4 NAT, 6to4 NAT, or even 4to6 NAT).

It will also allow my enterprise employer to connect natively over IPv6 to content provider services.

Re:

[Mr. Arbusto]

XP does support IPv6 network. The only issue is DNS lookups are IPv4.

XP isn't dead because of the change over.

Re:

[acoustix]

Uhm, you've missed the "Enterprise" topic here. SOHO has it's own problems, sure. However, most major vendors have had router and firewall support for some time.

While that is true I have several network printers that do not support IPv6 and I really don't want to replace them. As long as my print servers will take requests from IPv6 clients and push the print jobs to the printer using IPv4 I guess I won't have a problem.

Re:

[account_deleted]

Comment removed based on user account deletion

Two major enterprise features missing

[jroysdon]

We're still missing two major components: Commercial IPv6 Web and Spam filters. Without that, I don't think you want to let your users lose on the IPv6 web or open up your MX to the new spammers.

Re:

[jroysdon]

s/lose/loose

Anyway, you can deploy it for now on the low-hanging fruit:

Get direct RIR allocation (don't wait around for your ISP). You'll be portable and never stuck to one ISP again (yeah, IPv6 makes renumbering easier, but it still isn't easy, and static addressing is not going to go way, get real).

Tunnel and run BGP to HE with your edge routers and tell your ISPs your're shopping around for a better solution.

Turn it up on your firewalls and most dns servers (leave at least one still ipv4-only in the cas

Re:

[kimvette]

All IPV6 needs for mass adoption is for a few pornographers to publish new content exxxclusively on IPV6.

Not missing, fire up google and take a look

[dbIII]

There are appliances based on spamassassin and squid - both of which have handled ipv6 for at least a couple of years. Also a few seconds googling brings up a software solution from roaring penguin software that explicitly filters ipv6.

Re:

[jroysdon]

I've used sendmail + spamassassin and squid for years with IPv6 on a personal level. That's not the problem. The problem is the backend database support. While even Roaring Pengiun Software [roaringpenguin.com] supports IPv6, where do they get their database from? No major database/lookup service supports IPv6 yet. The same is true for Squid - where are you going to get your block lists and filters for IPv6 traffic when no one is selling it?

Re:

[Lennie]

I don't know of any IE6 specific problems, I do know that Windows XP supports IPv6. Which kind of works.

Re:

[EsbenMoseHansen]

Possibly, but I doubt it. Usually, you are using host names, and all the details are handled by (C or possibly Java) libraries, which means your old applications still works beautifully.

Of course, if you have intranet sites for registering your IP address or setting up a VPN or something like that, that might need an update. But the place where you write your business proposals, maintain your CRM database etc. should just work.

Really?

[93 Escort Wagon]

Most Enterprises Plan To Be On IPv6 By 2013

Maybe I've just been unrealistic; but I assumed most of the NCC-1701 series, at least, were already running something more advanced than that.

Re:

[mjwx]

Most Enterprises Plan To Be On IPv6 By 2013

Maybe I've just been unrealistic; but I assumed most of the NCC-1701 series, at least, were already running something more advanced than that.

They couldn't even install fuses to stop the control panels from blowing out whenever the ship hit a little turbulence. They're probably still running a token ring.

Most enterprises plan to deploy IPv6

[microbee]

in two years.

It's been the case since 10 years ago.

Slashdot and IPv6

[bbn]

Slashdot are never going to do IPv6. Luckily we can have slashdot.org as IPv6 anyway using a public NAT64 server. I would link directly but slashcode does not have support for IPv6 literals in URLs (bug!). So here is a tinyurl to the IPv6 slashdot: http://tinyurl.com/3pwuq98 [tinyurl.com]

By the way that URL should work for the majority of windows users. Your computer will automatically use a Teredo IPv6 tunnel to connect to it.

The tinyurl is short for this: http ://[2001:778:0:ffff:64:0:d822:b52d]/ (but without the extra

"Most Enterprises"?

[1u3hr]

"Most Enterprises Plan To Be On IPv6 By 2013"

Yes, the Enterprise (NX-01) will stick with IPV4, but USS Enterprise (NCC-1701) and USS Enterprise (NCC-1701-D) will move on to IPv6.

Code Churn...

[rthille]

Our product is going to require huge amounts of code churn to get IPV6 working. That's going to be ugly work on nasty legacy code...

Re:

[MadMaverick9]

that's all nice and then at the end of 2012 you'll be able to access the one and only website that's ipv6 ready. namely your own website.

do webhosting companies like bluehost, inmotionhosting, godaddy, etc. have an ipv6 strategy? do customers have to pay extra to have their website appear on the ipv6 internet? or ... ???
what's the plan/strategy?

Re:

[DarwinSurvivor]

Yeah, great idea. Let's complain that nobody is implementing IPv6 while at the same time berating and insulting those that actually try to do something about it!

Idiot...

Re:

[MadMaverick9]

so ... judging from ur reply it looks like you don't know either what's the deal with these web hosting companies.

does one have to pay extra to make a website get an ipv6 address. or will they upgrade/migrate customers automatically to an ipv6 address.

I still don't have an answer to these questions. but would like one.

what's their plan/strategy?

Yeah, great idea.

and btw - I am not offering ideas - I am asking questions.

Re:

[Lennie]

Many are already delivering IPv6 to their servers. Some set it up with AAAA-records in DNS. Some have been doing that for 4 or 5 years.

Re:

[iggymanz]

funny, I"ve been updating Debian, Ubuntu, Postgresql, and FreeBSD from ipv6 mirrors for months. There's actually a lot of good stuff out there on ipv6 already.

Re:

[EsbenMoseHansen]

I just took the first one and googled. I didn't find any official announcements, but according to forum messages they plan to have IPv6 ready this year. So next year, maybe? ;)

I also suspect that since I have never heard of those companies, except GoDaddy, this is U.S-companies? The U.S. is possibly the country furthest behind in the IPv6-race, excepting Denmark (where I live).

Linode is slowly rolling out IPv6 finally :D

Anyway, today IPv6 is useful already to provide ssh-connectivity (and stuff that uses

Re:

[bbn]

Your webhosting does not actually need to be IPv6 for you to enable your website. You just need to a AAAA for you DNS name using a public available NAT64.

Here is a public available NAT64: http://ipv6.lt/nat64_en.php [ipv6.lt]

Using that you can access slashdot.org on IPv6:

baldur@pkunk:~$ host slashdot.org
slashdot.org has address 216.34.181.45

baldur@pkunk:~$ ping6 -c1 2001:778:0:ffff:64::216.34.181.45
PING 2001:778:0:ffff:64::216.34.181.45(2001:778:0:ffff:64:0:d822:b52d) 56 data bytes
64 bytes from 2001:778:0:ffff:64:0:

Re:

[BagOBones]

Who's your Firewall vendor and what are you doing for advanced IDP / Application layer protection / Web filtering / intrusion detection? Many vendors are claiming IPv6 as a feature in firewall products but as soon as you scratch the surface you find that that support is often VERY limited, sometimes it is just routing and basic state-full fire-walling, other times feature are unstable / unsupported in on IPv6 traffic.

Re:

[robot256]

A lot of those problems are going to be worked out with the help of gentlemen like the GP, in their big corporate IT labs. It's surprisingly common for expensive, complex equipment like this to be debugged partially on the customer's dime, and I hope the rest of us can benefit from the result.

Re:

[j h woodyatt]

Turns out for external facing web services, you don't need any of that. You just rack up an IPv6 load-balanced proxy and point it at your existing IPv4 servers. The trick is making sure you don't shoot yourself by implementing a stupid per-source address limit and kill your site over IPv6 because all the IPv4 source addresses are the for the proxy array.

Re:

[Lennie]

Or the other way around, so you can remove the proxies in X-years and your webservers logs don't say: proxy-ip-address, proxy-ip-address, proxy-ip-address.

Re:

[BagOBones]

If your Firewall is not able to effectively identify scans and brute force attacks on the IPv6 address of the IPv6 load-balanced proxy, your IPv6 load-balanced proxy will then become the point of failure for attack. If you do IDP and application proxy protection behind the load-balanced proxy you will never know the source of the attack and thus can't block the source because the source will be the load-balanced proxy.

Re:

[belthize]

There are about 30 companies in the world with 300,000 employees, 10 in the US (GE, IBM, USPS, UPS, McDonalds, Walmart, Sears, Target, GM, Citigroup). Most of those have readily accessible IPv6 plans (pretty much have to), they don't just hire some yahoo and say 'Get 'er done', hell some of them *sell* IPv6 solutions (dysfunctional ones but they'll sell it to you).

Corporations that big have a VP of Strategic Planning or some such in charge of IPv6 migration and their schedule is not based

Re:

[Leebert]

Corporations that big have a VP of Strategic Planning or some such in charge of IPv6 migration and their schedule is not based on some random hardware delivered to a readiness lab.

Well, my bet is that at some point Mr. VP of Strategic Planning is going to involve at least one network engineer (as the GP claimed to be). And said engineer will probably have to, you know, test things to make sure they work in a lab somewhere prior to actually executing the IPv6 Strategic Plan. So I don't really get where you're going with this.

Re:

[DarwinSurvivor]

I doubt it. You plan may ON being a billionaire in the next 12 months, but I highly doubt you've actually planned TO be one.

Re:Ya right maybe off XP by 2013

[camperdave]

I work for a pretty good sized company and we'll be lucky to be off XP by then...

No need to worry about that. XP has IPv6 support.

Re:

[rubycodez]

You could have ipv6 in minutes on your OpenSuse box, with your existing network gear. You could do the quick and dirty way with merido, or spend some more time and have the full monty, with no money at all and not changing your ipv4 gear. I have at&t ipv4 only adsl to my home, yet every box in my home has full ipv6 automatic address assignment and access, and moreover my servers at home have *static* ipv6 addresses, even though my ipv4 connection is dynamic. How 'bout them apples? I happen to use SixX

Re:Ohh yeah, in 18 months, and please let me...

[iggymanz]

that's miredo (spelling), but yeah, anyone on slashdot who doesn't have ipv6 (even if their isp is ipv4 only), is a lazy git who should turn in her or his geek card. Too easy and way too many ways to get connectivity through tunnel. Many free services out there, will give you your very own *static* /64 subnet and a tunnel, you can have a static ipv6 address for every cell in your body!

Re:

[TheRaven64]

v6 addresses aren't supposed to be portable between networks. The address is intended for successive delegation, to keep the routing table manageable. In short, you won't ever be able to get your own IPv6 address that you can get an ISP to route, you will have to get a subnet from your ISP, which gets it from their transit provider or RIR.

Re:

[rubycodez]

the ISP or someone above them generally "owns" even a ipv4 net block for us little guys....not sure I'd worry about it for the present. if someday sixxs pulls the rug out from under my /64 subnet, I'd just go to another provider.

(old fart story time) My employer had comcast change their static ipv4 ip out from under them, had to find out what it was. then a couple weeks later they changed it back by accident (we're talking a routed subnet for a few dozen servers here).

Re:

[FlyingGuy]

I had the same thing happen with Verizon. One day working fine, 3:00AM nothing works, nothing routes just dead.

Re:

[gmack]

You want more addresses, then mod IPV4 from a byte per address element to a word per address element and you have 65535 class A's

That can be a simple software update and it can be done incrementally without having to re-engineer the hardware.

That will give enough breathing room to build IPV7 which can be built into something that does not break the entire system.

Doing that would break just as much equipment as the IPv6 transition since you propose changing the header layout. The source IP is defined as bits 96 - 127 and the destination IP is defined as bits 128 - 159. Anything that changes those would no longer be IPv4 or even remotely compatible with IPv4.

Re:

[Bert64]

Why doesn't it? Do you not use the internet at all?
If they can't issue new ipv4, then potential customers may only have ipv6 and be unable to access your website.

Re:

[petermgreen]

If they can't issue new ipv4, then potential customers may only have ipv6

Do you honestly belive that?

If an ISP runs out of public v4 IPs and has any sense they will do the following:

* Redeploy the v4 IPs to the most lucrative uses.
* For those customers who do not pay enough to justify a dedicated public v4 IP provide some system for them to access at least the v4 web and most likely other services on the v4 internet. Most likely either NAT444 (v4 nat both in the CPE and at the ISP) or DS-lite but NAT64 and proxies are also possibilies.

I'd be very surprised if we see any major we

Re:

[gmack]

Yes, you can subnet your network however you want and I've had some fun playing with exactly this.

The reason they didn't define a 32:32:32:32 split is because:
1 They intended to allow for MAC based autoconfig and a MAC address is 48 bits
2 They actually don't care how you layout your local network.

If you use MAC based autoconfig that still leaves you with 16 bits to play with for subnets and if you use DHCPv6 you can play with the whole range if you like.

Re:

[bbn]

The actual split is 32 bit is ISP ID, next 16 bit is customer ID, next 16 subnet ID and 64 bit is interface ID. So it is a 32:16:16:64 split using your notation. Some ISPs might choose a different scheme such as 32:24:8:64.

You can call it waste but it was designed so there would still be plenty of address space to go around.

Re:

[indeterminator]

How many enterprise networks need more than the 10/8 172/12 or 192/16 blocks? - sounds like 70% of IT departments are cowboys

The world doesn't need all that address space either. All we need to do is to build a giant NAT, then put everyone behind it. As a result, only one public IP address is required.

And because NAT == security, it also solves network security. No more viruses!